Posted to commits@guacamole.apache.org by mj...@apache.org on 2017/10/27 17:50:48 UTC

[04/24] incubator-guacamole-client git commit: GUACAMOLE-362: Implement new CipherGuacamoleProperty and move cipher functionality to it.

GUACAMOLE-362: Implement new CipherGuacamoleProperty and move cipher functionality to it.


Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/36489ff4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/36489ff4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/36489ff4

Branch: refs/heads/staging/0.9.14-incubating
Commit: 36489ff403ae66219e858773b7e5095241628c2a
Parents: c3aaf0a
Author: Nick Couchman <vn...@apache.org>
Authored: Sun Aug 27 20:34:46 2017 -0400
Committer: Nick Couchman <ni...@yahoo.com>
Committed: Fri Oct 27 13:05:12 2017 -0400

----------------------------------------------------------------------
 .../auth/cas/AuthenticationProviderService.java | 46 ++--------
 .../auth/cas/conf/CASGuacamoleProperties.java   |  6 +-
 .../auth/cas/conf/ConfigurationService.java     |  3 +-
 .../properties/CipherGuacamoleProperty.java     | 92 ++++++++++++++++++++
 4 files changed, 102 insertions(+), 45 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/36489ff4/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
index feb842d..b7ebdf7 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/AuthenticationProviderService.java
@@ -37,6 +37,7 @@ import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.Arrays;
 import java.util.Enumeration;
 import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import javax.xml.bind.DatatypeConverter;
@@ -170,53 +171,16 @@ public class AuthenticationProviderService {
 
         try {
 
-            // Open and read the file specified in the configuration.
-            File keyFile = new File(environment.getGuacamoleHome(), confService.getClearpassKey().toString());
-            InputStream keyInput = new BufferedInputStream(new FileInputStream(keyFile));
-            final byte[] keyBytes = new byte[(int) keyFile.length()];
-            keyInput.read(keyBytes);
-            keyInput.close();
-      
-            // Set up decryption infrastructure
-            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
-            KeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes); 
-            final PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
-            final Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
-            final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword);
-            cipher.init(Cipher.DECRYPT_MODE, privateKey);
+            final Cipher cipher = confService.getClearpassCipher();
 
             // Decrypt and return a new string.
+            final byte[] pass64 = DatatypeConverter.parseBase64Binary(encryptedPassword);
             final byte[] cipherData = cipher.doFinal(pass64);
             return new String(cipherData);
         }
-        catch (FileNotFoundException e) {
-            logger.error("ClearPass key file not found, password will not be decrypted.");
-            logger.debug("Error locating the ClearPass key file: {}", e);
-            return null;
-        }
-        catch (IOException e) {
-            logger.error("Error reading ClearPass key file, password will not be decrypted.");
-            logger.debug("Error reading the ClearPass key file: {}", e);
-            return null;
-        }
-        catch (NoSuchAlgorithmException e) {
-            logger.error("Unable to find the specified algorithm, password will not be decrypted.");
-            logger.debug("Algorithm was not found: {}", e);
-            return null;
-        }
-        catch (InvalidKeyException e) {
-            logger.error("Invalid key was loaded, password will not be decrypted.");
-            logger.debug("The loaded key was invalid: {}", e);
-            return null;
-        }
-        catch (IllegalArgumentException e) {
-            logger.error("Failed to parse Base64 data, password will not be decrypted.");
-            logger.debug("Data received was not valid Base64 data, so decryption cannot continue: {}", e);
-            return null;
-        }
         catch (Throwable t) {
-            logger.error("Error decrypting password, it will not be available as a token.");
-            logger.debug("Error in one of the components to decrypt the password: {}", t);
+            logger.error("Failed to decrypt the data, password token will not be available.");
+            logger.debug("Failed to either convert Base64 or decrypt the password.  CAS Password will not be available inside Guacamole.  Exception is: {}", t);
             return null;
         }
 
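Review bot: The `catch (Throwable t)` is now the only handler, so the `GuacamoleException` that `confService.getClearpassCipher()` raises for a missing or unusable key file is reported as "Failed to decrypt the data", with the cause visible only at debug level, and JVM `Error`s are swallowed the same way. Handling `GuacamoleException` in its own clause with a message that names the `cas-clearpass-key` setting, and narrowing the remaining clause to what Base64 parsing and `cipher.doFinal` throw, would keep key-configuration faults distinguishable from bad ciphertext. If the property lookup can return null when the key is not configured (not visible in this hunk), `cipher.doFinal` would fail with a NullPointerException that lands in the same clause; an `if (cipher == null) return null;` guard with its own log line would cover that. `new String(cipherData)` decodes with the platform default charset, so the recovered password can differ between hosts; naming the charset explicitly avoids that. The enclosing method starts and ends outside the hunk.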

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/36489ff4/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
index 410e848..7a600c9 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
@@ -19,7 +19,7 @@
 
 package org.apache.guacamole.auth.cas.conf;
 
-import org.apache.guacamole.properties.FileGuacamoleProperty;
+import org.apache.guacamole.properties.CipherGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
 
 /**
@@ -62,8 +62,8 @@ public class CASGuacamoleProperties {
      * The location of the private key file used to retrieve the
      * password if CAS is configured to support ClearPass.
      */
-    public static final FileGuacamoleProperty CAS_CLEARPASS_KEY =
-            new FileGuacamoleProperty() {
+    public static final CipherGuacamoleProperty CAS_CLEARPASS_KEY =
+            new CipherGuacamoleProperty() {
 
         @Override
         public String getName() { return "cas-clearpass-key"; }

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/36489ff4/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
index b2d74d5..ba969d4 100644
--- a/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
+++ b/extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.cas.conf;
 
 import com.google.inject.Inject;
 import java.io.File;
+import javax.crypto.Cipher;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.environment.Environment;
 
@@ -81,7 +82,7 @@ public class ConfigurationService {
      * @throws GuacamoleException
      *     If guacamole.properties cannot be parsed.
      */
-    public File getClearpassKey() throws GuacamoleException {
+    public Cipher getClearpassCipher() throws GuacamoleException {
         return environment.getProperty(CASGuacamoleProperties.CAS_CLEARPASS_KEY);
     }
 
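Review bot: The Javadoc kept above `getClearpassCipher()` still gives only "If guacamole.properties cannot be parsed" under `@throws`, although the method now returns a `Cipher` built from the key file and `CipherGuacamoleProperty.parseValue` also throws `GuacamoleException` when that file is missing, unreadable or not a valid key. I would extend it to `@throws GuacamoleException If guacamole.properties cannot be parsed, or if the private key file cannot be read or used to initialize the cipher.` and make sure the `@return` text (outside this hunk) describes a cipher initialized for decryption rather than a file. `javax.crypto.Cipher` instances are stateful and not safe for concurrent use, so the comment should also say whether each call yields a fresh instance; that depends on how `environment.getProperty` caches values, which is not visible here.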

http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/36489ff4/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
----------------------------------------------------------------------
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
new file mode 100644
index 0000000..e2f95ec
--- /dev/null
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/properties/CipherGuacamoleProperty.java
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.properties;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.io.IOException;
+import java.lang.IllegalArgumentException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.Environment;
+import org.apache.guacamole.environment.LocalEnvironment;
+
+/**
+ * A GuacamoleProperty whose value is derived from a private key file.
+ */
+public abstract class CipherGuacamoleProperty implements GuacamoleProperty<Cipher>  {
+
+    @Override
+    public Cipher parseValue(String value) throws GuacamoleException {
+
+        try {
+
+            final Environment environment = new LocalEnvironment();
+
+            // Open and read the file specified in the configuration.
+            File keyFile = new File(environment.getGuacamoleHome(), value);
+            InputStream keyInput = new BufferedInputStream(new FileInputStream(keyFile));
+            final byte[] keyBytes = new byte[(int) keyFile.length()];
+            keyInput.read(keyBytes);
+            keyInput.close();
+
+            // Set up decryption infrastructure
+            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+            KeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
+            final PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
+            final Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
+            cipher.init(Cipher.DECRYPT_MODE, privateKey);
+
+            return cipher;
+
+        }
+        catch (FileNotFoundException e) {
+            throw new GuacamoleException("Could not find the specified key file.", e);
+        }
+        catch (IOException e) {
+            throw new GuacamoleException("Could not read in the specified key file.", e);
+        }
+        catch (NoSuchAlgorithmException e) {
+            throw new GuacamoleException("Specified algorithm does not exist.", e);
+        }
+        catch (InvalidKeyException e) {
+            throw new GuacamoleException("Specified key is invalid.", e);
+        }
+        catch (InvalidKeySpecException e) {
+            throw new GuacamoleException("Invalid KeySpec initialization.", e);
+        }
+        catch (NoSuchPaddingException e) {
+            throw new GuacamoleException("No such padding exception.", e);
+        }
+
+    }
+
+}
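Review bot: `Cipher.getInstance(privateKey.getAlgorithm())` requests plain "RSA", leaving mode and padding to whatever the installed JCE provider defaults to, so the decryption scheme can change with the provider; naming the full transformation the CAS server encrypts with, in the form `Cipher.getInstance("RSA/ECB/<padding>")`, pins it. In the key-loading lines, `keyInput.read(keyBytes)` ignores its return value, and a single `read` may fill only part of the array, which would surface later as a misleading "Invalid KeySpec initialization."; `keyInput.close()` is also skipped when the read throws. Reading with `new DataInputStream(new FileInputStream(keyFile)).readFully(keyBytes)` and closing in a `finally` block addresses both (`java.io.DataInputStream` would need importing). The class Javadoc could state that the configured value is resolved against the Guacamole home directory and that the returned cipher is initialized for `DECRYPT_MODE` from an RSA PKCS#8 private key.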